FBI warns of drive-by attacks from Reveton virus

The FBI has issued a warning about a new version of a “drive-by” virus that locks users’ computers, tells them they’ve violated federal law and demands they pay a fine through a prepaid card service.

The message appears to come from the FBI or the Justice Department’s Computer Crime and Intellectual Property Section, the FBI said in its warning about the virus. And although the ruse might seem obvious to most computer users, “some people have actually paid the so-called fine,” said Donna Gregory of the Internet Crime Complaint Center.

A scam that tries to take advantage of the FBI’s authority is nothing new — the IC3’s 2011 Internet Crime Report said FBI-related scams were the most common type on the Internet — but the use of this burgeoning type of drive-by malware in such a swindle is fairly recent.

Many forms of malware download to a user’s computer when they open a file or attachment, the FBI said. Drive-by malware can download itself when you click on a compromised website, by taking advantage of vulnerabilities in Web browsers or plug-ins that work within the browser.

And although it often will try to sneak in without the user noticing, this particular piece of malware, known as Reveton ransomware, is anything but subtle. It immediately locks up the victim’s computer and displays a message declaring that a violation of federal law has taken place — associated with child pornography or other illegal activity — and ordering the user to pay the fine.

The FBI said it first came across Reveton, which is distributed via the Citadel malware platform, in 2011. And IC3 issued a warning in May this year, but drive-by malware has spread, both domestically and overseas, since then. Gregory said IC3 has been getting dozens of complaints daily.

IC3 recommends that victims of the Reveton virus should not, of course, pay any money to remove the virus. Instead they should contact a computer professional or, if it’s on a work computer, the IT shop. The security company F-Secure, for one, also offers instructions on removing the virus.

But if you manage to unlock the computer, be aware that Reveton could still be operating in the background, looking, for example, to use a key-logger to steal personal information such as user names, passwords and credit card numbers, IC3 warned.

And IC3 is urging victims to file a complaint and look for updates about the Reveton virus on its website.

IC3 is a partnership between the FBI and the National White Collar Crime Center that was set up in 2000 to give people an easy way to report online crime and to assist law enforcement agencies in tracking cyber crimes.


Reader Comments

Tue, Apr 2, 2013

Another virus is here like this one but different. It says: You downloaded illegal or warez files; to get your normal internet back, take this quick survey to confirm you're not a robot.

Fri, Aug 10, 2012
Melissa
USA

Well if you want removal steps for FBI viruses, this webpage has been around for a while: http://botcrawl.com/how-to-remove-the-fbi-moneypak-ransomware-virus-fake-fbi-malware-removal/ and this one too: http://botcrawl.com/how-to-remove-citadel-malware-reveton-ransomware/
